security fix: CP-10: Admin Websites Suspend / Unsuspend

Author: usmannasir

websiteFunctions/website.py

@@ -574,6 +574,12 @@ def submitWebsiteStatus(self, userID=None, data=None):
 
             website = Websites.objects.get(domain=websiteName)
 
+            admin = Administrator.objects.get(pk=userID)
+            if ACLManager.checkOwnership(websiteName, admin, currentACL) == 1:
+                pass
+            else:
+                return ACLManager.loadErrorJson('websiteStatus', 0)
+
             if state == "Suspend":
                 confPath = virtualHostUtilities.Server_root + "/conf/vhosts/" + websiteName
                 command = "mv " + confPath + " " + confPath + "-suspended"